RU2012130527A

RU2012130527A - METHOD OF EXECUTION AND SYSTEM OF UNIVERSAL ELECTRONIC CARD AND SMART CARD

Info

Publication number: RU2012130527A
Application number: RU2012130527/08A
Authority: RU
Inventors: Зухуй ЮИ; Манксю ГУО; Ксяомин РЕН; Фенг ЛУО; Яквиан ЛИ
Original assignee: Чайна Мобайл Коммуникейшенс Корпорейшн
Priority date: 2009-12-21
Filing date: 2010-12-21
Publication date: 2014-01-27
Also published as: CN102103651A; RU2573211C2; WO2011076102A1; KR20120112598A; US20120284519A1; KR101509043B1; JP2013515301A; CN102103651B; EP2518933A4; EP2518933A1

Abstract

1. Способ реализации системы универсальных электронных карт, предусматривающий:получение через смарт-карту сообщения по созданию управляющего субприложения от операционной платформы эмитента карт, дешифрование сообщения по предварительно сохраненному ключу шифрования конфиденциальных данных эмитента карт, получение данных управляющего субприложения и создание управляющего субприложения по данным управляющего субприложения, при этом ключ управления предприятием находится в данных управляющего субприложения; иполучение сообщения по созданию неуправляющего субприложения от операционной платформы предприятия, дешифрование сообщения неуправляющего субприложения по ключу шифрования конфиденциальных данных, находящихся в ключе управления предприятием, получение данных неуправляющего субприложения и создание неуправляющего субприложения по данным неуправляющего приложения.2. Способ по п.1, также предусматривающий:получение через смарт-карту управляющего сообщения, отправляемого операционной платформой эмитента карт, где отправка полученного управляющего сообщения осуществляется после шифрования в различных режимах шифрования операционной платформой эмитента карт в зависимости от различного характера конфиденциальности данных, содержащихся в управляющем сообщении, режимов шифрования, предусматривающих шифрование управляющего сообщения, содержащего конфиденциальные данные посредством использования ключа шифрования конфиденциальных данных эмитента карт, и шифрование управляющего сообщения, содержащего неконфиденциальные данные, посредством использования ключа шифрования неконфи�1. A method for implementing a system of universal electronic cards, which includes: receiving via a smart card a message on creating a control sub-application from the operating platform of the card issuer, decrypting the message using a previously saved encryption key of the confidential data of the card issuer, receiving data from the control sub-application and creating a control sub-application according to the data of the manager sub-application, while the enterprise management key is in the data of the control sub-application; and receiving a message to create a non-managing sub-application from the enterprise operating platform, decrypting the message of the non-controlling sub-application using the encryption key of confidential data located in the enterprise management key, obtaining the data of the non-controlling sub-application, and creating a non-controlling sub-application from the data of the non-controlling application. 2. The method according to claim 1, further comprising: receiving, through a smart card, a control message sent by the operating platform of the card issuer, where the received control message is sent after encryption in various encryption modes by the operating platform of the card issuer, depending on the different nature of the confidentiality of the data contained in the control encryption modes that encrypt the control message containing confidential data by using the card issuer's confidential data encryption key and encrypt the control message containing non-confidential data using the non-confidential encryption key�

Claims

1. A method for implementing a universal electronic card system, comprising:

receiving via smart card a message about creating a control sub-application from the card issuer’s operating platform, decrypting the message using a previously saved encryption key for confidential data of the card issuer, receiving data of the managing sub-application and creating a controlling sub-application based on the data of the managing sub-application, while the enterprise management key is in the data subapplications; and

receiving a message for creating a non-managing sub-application from the enterprise operating platform, decrypting the message of the non-managing sub-application using the encryption key of confidential data located in the enterprise management key, receiving data of the non-managing sub-application and creating the non-controlling sub-application using the data of the non-managing application.

2. The method according to claim 1, also providing:

receiving a control message via a smart card sent by the card issuer’s operating platform, where the control message is sent after encryption in various encryption modes by the card issuer’s operating platform, depending on the different nature of confidentiality of the data contained in the control message, encryption modes that encrypt the control message containing confidential data through the use of a confidential data encryption key card issuers, and encrypting the control message containing non-confidential data by using the encryption key for the non-confidential data of the card issuer; and

decrypting the received control message using the previously stored encryption key for the confidential data of the card issuer or the previously saved encryption key for the non-confidential data of the issuer and performing various operations depending on the content of various messages.

3. The method according to claim 2, characterized in that the control message containing confidential data includes: a message about the suspension or restoration of the control sub-application, a message about the removal of the control sub-application and / or non-control sub-application, a message about the restoration of the enterprise management key, and also a message about unlocking the control sub-application and / or non-management sub-application.

4. The method according to claim 1, also providing:

receiving a control message via a smart card sent by the enterprise operating platform, where the control message is sent after encryption in various encryption modes by the enterprise operating platform, depending on the different nature of data confidentiality contained in the control message, encryption modes that encrypt the control message containing confidential data through the use of an encryption key for confidential company data and encrypting the control message containing the non-confidential data by using the encryption key of the non-confidential company data; and

decrypting the received control message using the encryption key of confidential company data or the encryption key of non-confidential company data contained in the enterprise management key, as well as performing various operations depending on the content of various messages.

5. The method according to claim 4, characterized in that the control message containing confidential data includes: a message about the suspension or restoration of the control sub-application, a message about updating the enterprise control key and a message about updating the data of the non-controlling sub-application.

6. The method according to claim 1, also providing:

receiving via a smart card a control message sent by the platform through the card issuer’s operating platform, where the control message is sent after the card issuer has encrypted it with the card issuer’s operating platform by encrypting the confidential data of the card issuer or the encryption key of the encryption key of the card issuer’s non-confidential data after sending the control message to the operating card issuer platform after encryption by the enterprise operating platform through key cha encryption of confidential company data or encryption key of non-confidential company data; and

decryption of the received control message by sequential use of the card issuer’s confidential data encryption key or card issuer’s non-confidential data encryption key, company’s confidential data encryption key or company’s non-confidential data encryption key.

7. The method according to claims 1-6, characterized in that the card issuer MAC key (message authorization code) is additionally stored in the smart card and the enterprise management key further includes an enterprise MAC key; and

sending a message received by a smart card is carried out after ensuring integrity protection by the operating platform of the card issuer and the operating platform of the enterprise using the encryption key of the corresponding confidential data or the MAC key after the operation is completed;

and this method further provides:

conducting through the smart card a verification of the integrity of the received message on the encryption key of confidential data or the MAC key of each platform and the operation of decryption after the message is verified.

8. A system for implementing a universal electronic card system, including a smart card, an operating platform for a card issuer and an operating platform in which a smart card is configured to receive a message for creating a control sub-application from an operating platform for a card issuer, to decrypt a message using a previously saved encryption key confidential data of the issuer, obtaining data of a managing sub-application and creating a managing sub-application according to the data of the managing sub-application, while enterprise management is the key to control sub-application data; and receiving a message for creating a non-managing sub-application from the enterprise operating platform, decrypting the message of the non-managing sub-application using the encryption key of confidential data in the enterprise control key, receiving data of the non-managing sub-application, and creating the non-controlling sub-application using the data of the non-managing application.

9. The system of claim 8, characterized in that the card issuer’s operating platform is additionally configured to send a control message to a smart card and encrypt it in various modes, depending on the different nature of the confidentiality of the data contained in the control message, encryption modes involving encryption of the manager messages containing confidential data through the use of an encryption key for confidential data of the card issuer, and encryption of the control message containing non-confidential data by using the encryption key of non-confidential data of the card issuer; and

the smart card is additionally configured to decrypt the received control message using the previously saved encryption key for the confidential data of the card issuer or the previously saved encryption key for the non-confidential data of the issuer and perform various operations depending on the content of various messages.

10. The system of claim 8, characterized in that the operating platform of the enterprise is additionally configured to send a control message to a smart card and encrypt it in various modes, depending on the different nature of the confidentiality of the data contained in the control message, encryption modes that encrypt the control message containing confidential data through the use of an encryption key for confidential enterprise data, and encrypting a control message containing no Confidential data by using the encryption key enterprise non-confidential data; and

the smart card is additionally configured to decrypt the received control message using the encryption key of confidential company data or the encryption key of non-confidential company data contained in the enterprise management key, as well as to perform various operations depending on the content of various messages.

11. The system of claim 8, characterized in that:

the enterprise’s operating platform is additionally configured to encrypt a message sent to the smart card using an encryption key for confidential company data or an encryption key for non-confidential enterprise data and send an encrypted message to the card issuer’s operating platform;

the card issuer’s operating platform is additionally configured to encrypt the received message using the card issuer’s confidential data encryption key or the card issuer’s non-confidential data encryption key and send the encrypted message to the smart card; and

the smart card is further configured to decrypt the received control message by sequentially using the card issuer’s confidential data encryption key or the card issuer’s non-confidential data encryption key, the company’s confidential data encryption key, or the company’s non-confidential data encryption key.

12. The system according to claims 8-11, characterized in that the card issuer MAC key is additionally stored in a smart card and the enterprise management key further includes an enterprise MAC key;

the card issuer’s operating platform and the enterprise’s operating platform are additionally configured to protect the integrity of the message sent to the smart card using the encryption key of the corresponding confidential data or the MAC key after the encryption operation is completed; and

the smart card is additionally configured to check the integrity of the received message with the encryption key of confidential data or the MAC key of each platform and perform an encryption operation after the message has passed the verification.

13. A smart card, including a logical processing device for the functioning of a universal electronic card and a storage unit, where

the universal functioning logical processing device is configured to receive a message on the creation of a control sub-application from the card issuer’s operating platform, to decrypt the message using a previously saved encryption key for confidential data of the card issuer, to obtain data on the control sub-application and to create a control sub-application based on the data of the control sub-application, while the enterprise management key is in the data of the managing subapplication; and receiving a message on the creation of a non-managing sub-application from the enterprise operating platform, decrypting the message of the non-managing sub-application using the encryption key of confidential data in the enterprise control key, receiving data of the non-managing sub-application and creating the non-controlling sub-application according to the data of the non-managing application; and

the storage unit is configured to store the created control sub-application and non-control application.

14. The smart card according to claim 13, wherein the logical processing device of the universal electronic card is additionally configured to receive a control message from the card issuer’s operating platform, decrypt the received message using a previously stored encryption key for confidential data of the card issuer or an encryption key for non-confidential data card issuer, as well as the implementation of various operations depending on the content of various messages; and

receiving a control message from the enterprise’s operating platform, decrypting the control message using the encryption key of the confidential company data or the encryption key of the non-confidential company data contained in the enterprise management key, and also for performing various operations depending on the content of various messages.

15. The smart card of claim 13, wherein the universal electronic card logical processing device is further configured to receive a control message sent by the card issuer’s operating platform through the card issuer’s operating platform and decrypt the received message by sequentially using a previously stored confidential encryption key card issuer data or pre-stored non-confidential data encryption key card issuer, as well as the received encryption key of confidential company data or the encryption key of non-confidential data contained in the enterprise management key.

16. A smart card according to claims 13, 14 or 15, characterized in that the logical processing device of the universal electronic card is configured to verify the integrity of the received control message using the previously saved encryption key for confidential data of the card issuer or the previously saved MAC key of the card issuer and / or conducting an integrity check of the received message using the enterprise confidential data encryption key or the enterprise MAC key contained in the control key Lenia enterprise, as well as the implementation of the decryption operation after the message has been reviewed.